altimate-receipts 0.18.0 → 0.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -15,17 +15,17 @@ import {
15
15
  redactReceipt,
16
16
  renderLedger,
17
17
  windowedEffort
18
- } from "./chunk-FPDXOAYN.js";
18
+ } from "./chunk-JWDZLJDG.js";
19
19
  import {
20
20
  FIX_FOR,
21
21
  categorize
22
- } from "./chunk-YO6MVZTD.js";
22
+ } from "./chunk-VKT2ZUCT.js";
23
23
  import {
24
24
  destructiveOutsideRepo,
25
25
  findingSurface,
26
26
  privileged,
27
27
  regenerableBuildArtifact
28
- } from "./chunk-IDAIDLZT.js";
28
+ } from "./chunk-LYLHXQAU.js";
29
29
 
30
30
  // src/receipt/canonical.ts
31
31
  function canonicalize(value) {
@@ -996,4 +996,4 @@ export {
996
996
  rederiveFromTranscript,
997
997
  compareToTranscript
998
998
  };
999
- //# sourceMappingURL=chunk-DNKSESAA.js.map
999
+ //# sourceMappingURL=chunk-3R25IDH5.js.map
@@ -3,7 +3,7 @@ import {
3
3
  destructiveOutsideRepo,
4
4
  regenerableBuildArtifact,
5
5
  regenerableReceiptRm
6
- } from "./chunk-IDAIDLZT.js";
6
+ } from "./chunk-LYLHXQAU.js";
7
7
 
8
8
  // src/findings/gitParse.ts
9
9
  var WRAPPER = /* @__PURE__ */ new Set(["sudo", "env", "nohup", "command", "stdbuf", "time", "timeout", "xargs"]);
@@ -2814,6 +2814,48 @@ function deriveMcpFindings(sum) {
2814
2814
  }
2815
2815
  ];
2816
2816
  }
2817
+ var MCP_CONFIG_FILE = /(?:^|\/)\.mcp\.json$|(?:^|\/)\.(?:cursor|vscode)\/mcp\.json$|(?:^|\/)claude_desktop_config\.json$|(?:^|\/)mcp\.json$/i;
2818
+ var SERVER_ENDPOINT = /"(?:command|url)"\s*:\s*"((?:[^"\\]|\\.)*)"/g;
2819
+ var endpointValues = (text) => {
2820
+ const out = [];
2821
+ for (const m of text.matchAll(SERVER_ENDPOINT)) {
2822
+ out.push(m[1]);
2823
+ }
2824
+ return out;
2825
+ };
2826
+ function deriveMcpConfigFindings(sum) {
2827
+ for (const s of sum.spans) {
2828
+ if (s.kind !== "tool" || typeof s.name !== "string" || !isEditTool(s.name)) {
2829
+ continue;
2830
+ }
2831
+ const fp = filePathOf(s.input);
2832
+ if (!fp || !MCP_CONFIG_FILE.test(fp)) {
2833
+ continue;
2834
+ }
2835
+ const { oldStr, newStr } = editBody(s.input);
2836
+ const before = new Set(endpointValues(oldStr));
2837
+ const added = endpointValues(newStr).filter((v) => !before.has(v));
2838
+ if (added.length === 0) {
2839
+ continue;
2840
+ }
2841
+ const base6 = fp.split("/").pop() ?? fp;
2842
+ return [
2843
+ {
2844
+ id: `mcp-config-change-${s.spanId}`,
2845
+ severity: "high",
2846
+ title: `Added or repointed an MCP server in ${base6}`,
2847
+ detail: `An edit to \`${base6}\` introduced or changed an MCP server endpoint (\`${added[0]}\`) \u2014 it grants the agent (and future agents on this branch) a new external tool surface with whatever credentials that server holds, which the source diff doesn't otherwise show. Review the new server's source and scopes before merging.`,
2848
+ impactLabel: "MCP authority change",
2849
+ confidence: 0.85,
2850
+ score: 100 * 0.85,
2851
+ evidenceSpanId: s.spanId,
2852
+ filePath: fp,
2853
+ guardrailRule: "Adding or repointing an MCP server expands the agent's authority \u2014 review the server's source and scopes as part of the change."
2854
+ }
2855
+ ];
2856
+ }
2857
+ return [];
2858
+ }
2817
2859
 
2818
2860
  // src/findings/persistenceFindings.ts
2819
2861
  var AUTORUN_PATH = /(?:^|\/)\.(?:bashrc|zshrc|bash_profile|zprofile|profile|bash_login|zshenv)$|(?:^|\/)\.config\/fish\/config\.fish$|^\/etc\/profile(?:\.d\/.+)?$|(?:^|\/)Library\/LaunchAgents\/[^/]+|^\/Library\/Launch(?:Daemons|Agents)\/[^/]+|^\/etc\/systemd\/system\/[^/]+|(?:^|\/)\.config\/systemd\/user\/[^/]+|^\/etc\/cron[^/]*|^\/var\/spool\/cron\//i;
@@ -3093,6 +3135,8 @@ var DETECTORS = [
3093
3135
  { name: "sensitive-access", fn: (s) => deriveSensitiveAccess(s) },
3094
3136
  // MCP external side-effects (M105): mutating MCP tool calls the diff can't show
3095
3137
  { name: "mcp", fn: (s) => deriveMcpFindings(s) },
3138
+ // MCP config change (M113): a new/repointed MCP server in a config edit — authority expansion
3139
+ { name: "mcp-config", fn: (s) => deriveMcpConfigFindings(s) },
3096
3140
  // command-pattern security (M106/108/109/110/111/112): metadata egress, untrusted dep source,
3097
3141
  // TLS-disable, setuid, obfuscated exec, masked verification failure
3098
3142
  { name: "command-security", fn: (s) => deriveCommandSecurityFindings(s) },
@@ -5675,4 +5719,4 @@ export {
5675
5719
  redact,
5676
5720
  redactReceipt
5677
5721
  };
5678
- //# sourceMappingURL=chunk-FPDXOAYN.js.map
5722
+ //# sourceMappingURL=chunk-JWDZLJDG.js.map